LinuxQuestions.org


hakermania 12-06-2010 06:15 AM

Have my GPG key in another PC?
 
I want to use my GPG key in order to sign some files on another PC. I know my passwd of course. How can I do this? Just copy the folder .gnupg to the other machine?

andrewthomas 12-06-2010 06:21 AM

You really just need the secring.gpg file. Just import that file and then set the trust level.

hakermania 12-06-2010 07:11 AM

How do I set the trust level? What's this?

andrewthomas 12-06-2010 07:33 AM

Go to System > Preferences > Passwords and Encryption Keys
Select the My Personal Keys tab, select File > Import and import your secret key.
Then right click on the imported key, and select Properties > Details tab. In actions, select Override owner trust and set to Ultimate.
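
The same import-and-trust procedure from the command line, as an added example that is not part of the original posts: it exports the secret key and owner trust from one GnuPG home directory, imports them into another, then signs and verifies a file. The two temporary directories stand in for the two PCs; the user ID, passphrase and the function names `g` and `move_key_demo` are constructed for the demo, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Two throwaway GnuPG home directories stand in for the two PCs;
# the user ID and passphrase below are constructed test values.
# Assumes GnuPG 2.1 or later (loopback pinentry, --quick-gen-key).
PASS='constructed-demo-passphrase'

# Run gpg non-interactively against one home directory: g <homedir> <gpg args...>
# On a real machine, drop --pinentry-mode/--passphrase and let pinentry prompt.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase "$PASS" "$@"
}

# Prints "trust=<validity letter>" for the moved key, then "verify=ok".
move_key_demo() (
    work=$(mktemp -d) || exit 1
    old="$work/old"; new="$work/new"
    trap 'for h in "$old" "$new"; do GNUPGHOME=$h gpgconf --kill gpg-agent; done; rm -rf "$work"' EXIT
    mkdir -m 700 "$old" "$new" || exit 1

    # "Old PC": create a test key and note its fingerprint.
    g "$old" --quick-gen-key 'Demo User <demo@example.invalid>' || exit 1
    fpr=$(g "$old" --with-colons --list-secret-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || exit 1

    # "Old PC": export the secret key (still passphrase-protected) and owner trust.
    ( umask 077; g "$old" --armor --export-secret-keys "$fpr" > "$work/secret.asc" ) || exit 1
    g "$old" --export-ownertrust > "$work/trust.txt" || exit 1

    # "New PC": import both. Owner trust "ultimate" marks the key as your own.
    g "$new" --import "$work/secret.asc" || exit 1
    g "$new" --import-ownertrust "$work/trust.txt" || exit 1
    g "$new" --check-trustdb || exit 1
    printf 'trust=%s\n' "$(g "$new" --with-colons --list-keys "$fpr" |
                           awk -F: '$1 == "pub" { print $2; exit }')"

    # "New PC": sign a file and verify the detached signature.
    echo 'release notes' > "$work/file.txt"
    g "$new" --local-user "$fpr" --detach-sign "$work/file.txt" || exit 1
    g "$new" --verify "$work/file.txt.sig" "$work/file.txt" || exit 1
    echo 'verify=ok'
)
```

The exported `secret.asc` is a full copy of the secret key, so on real machines move it over a channel you control and delete it after the import.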

Noway2 12-06-2010 08:08 AM

If you aren't comfortable leaving your keys on that computer, another option would be to put them on a USB stick. I do this for use at work, where I don't want to leave a copy of my keys. I keep these in an encrypted volume on the memory stick to add an extra layer of protection. The distribution tag says that you are using Ubuntu. The Ubuntu wiki pages have a couple of really good how-to documents that describe the procedure, step by step.

hakermania 12-06-2010 12:30 PM

Quote:

Originally Posted by andrewthomas (Post 4182177)
Go to System > Preferences > Passwords and Encryption Keys
Select the My Personal Keys tab, select File > Import and import your secret key.
Then right click on the imported key, and select Properties > Details tab. In actions, select Override owner trust and set to Ultimate.

Why do this? I have a GPG key on my current PC but I haven't set a trust level. Is this the reason why it is constantly asking for a password when it is about to sign the files with my signature?

Quote:

Originally Posted by Noway2 (Post 4182207)
If you aren't comfortable leaving your keys on that computer, another option would be to put them on a USB stick. I do this for use at work, where I don't want to leave a copy of my keys. I keep these in an encrypted volume on the memory stick to add an extra layer of protection. The distribution tag says that you are using Ubuntu. The Ubuntu wiki pages have a couple of really good how-to documents that describe the procedure, step by step.

Why not leave a copy of your keys? You need a password in order to sign a file with a GPG signature.

Noway2 12-06-2010 03:37 PM

You are correct that the password is stored recursively in the key itself and it is needed to obtain useful information with the key. Given time, though, passwords can be cracked. By denying them access to the key, they can't try to brute force the password. Anybody with access to the machine can tell that you have private keys stored on the machine. By putting the keys in an encrypted volume, anyone who gets the USB stick does not know what is in the volume, unless they first crack that layer, giving them another hoop to jump through in order to obtain the keys.

Once where I worked, I had a partial compromise by a coworker. I experimented with encrypting my home directory, purely for experimental purposes. Against my better judgment, I permitted the few users of the system to have sudo privilege, reasoning that we all worked together and shared the system for common goals. Apparently one of them became curious about my encrypted folder and changed my password, presumably to then gain access. Fortunately, I did not put my private keys on that computer, but I had them on another machine. It was at that point that I decided to put them on a USB stick so that I could use them when I wanted to and then take them with me.


All times are GMT -5.